Vulnerabilities on Various Data Processing Levels
Author: Omar Ganiev
Developers are becoming more security-aware and understand that user data should be properly processed and that sensitive data should not be available to unauthorized users. However, not all of them can distinguish between a user communication channel and a trusted data source. They tend to think at the level of their code syntax. This later leads to unexpected discoveries of insecure input and output channels, since the program is not limited to the code itself but involves the whole associated infrastructure with all its complex interactions.
The speaker will try to systematize flaws of the insufficient input validation type (specifically in web applications) and draw the attention of both developers and security researchers to them.
Omar Ganiev is a security assessment expert at IncSecurity, an HSE graduate (Department of Mathematics, 2012), and an active CTF contestant, both as a member of several teams and individually (under the nickname Beched). He is a member of the RDot.Org independent community and of the CTF team of the same name.